Token-based authentication and authorization is widely used in today's web applications. In general, a token allows a user to access a specific resource without supplying any other information, such as a username and a password. For example, a token may be obtained by submitting a request to a token authority server. The user may be prompted to enter a username and password for authentication and for retrieval of the authorization rights associated with the user's account at the token authority server. Upon determining the authorization rights of the user, the token authority server issues a token, which enables the user to access resources at an application server for a predetermined period of time. Once the token is obtained, the user can access the resources at the server hosting the application services for the predetermined time period by including the token in each request sent to that server.
When a token is issued, it includes an expiration time interval after which the token is no longer valid and must be renewed. Thus, each time the server hosting the application services receives a request with an invalid token (one whose time interval has expired), it denies access to the resources requested by the client device and causes the client device to request a new token from the token authority server.
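The flow described above, as an added Python example that is not part of the original text: a token authority issues a token carrying an expiry, the application server decides each request from the token alone, and the client renews after a denial. The HMAC key shared by both servers, the account store, the 300-second lifetime and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret shared by authority and app server
ACCOUNTS = {"alice": ("correct horse", ["reports:read"])}  # constructed account store
TTL = 300  # assumption: the "predetermined period of time", in seconds

def _sign(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(user, password, now):
    """Token authority: authenticate, look up rights, issue a token with an expiry."""
    record = ACCOUNTS.get(user)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    claims = {"sub": user, "rights": record[1], "exp": now + TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def handle_request(token, right, now):
    """Application server: decide from the token alone, no username or password."""
    body, _, sig = (token or "").partition(".")
    # Verify the signature before trusting anything inside the token.
    if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
        return 401, "invalid_token"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return 401, "token_expired"  # client has to return to the authority
    if right not in claims["rights"]:
        return 403, "insufficient_rights"
    return 200, "ok"

def client_request(session, right, now):
    """Client: send the token with every request; on a 401, renew once and retry."""
    status, reason = handle_request(session.get("token"), right, now)
    if status == 401:
        # The stored credentials stand in for prompting the user again.
        session["token"] = issue_token(session["user"], session["password"], now)
        session["renewals"] = session.get("renewals", 0) + 1
        status, reason = handle_request(session["token"], right, now)
    return status, reason
```

The clock is passed in as `now` so the expiry boundary can be exercised deterministically; a deployment would read the server's own clock and allow for skew between the two servers.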